Jarno, Willy,

On 15.01.2018 at 14:28, Jarno Huuskonen wrote:
> On Sun, Jan 14, Tim Düsterhus wrote:
>>> Have you tested that req.hdr_ip / stick tables work w/both masks ? I
>>> used something like:
>>> http-request track-sc0 req.hdr_ip(X,1),ipmask(24,64) table test_be
>>> http-request set-var(sess.myx) req.hdr_ip(X,1),ipmask(24,64)
>>> http-response set-header X-MY %[var(sess.myx)]
>>>
>>> backend test_be
>>> stick-table type ipv6 size 20 expire 180s store gpc0,conn_cnt
>>

I just read up on stick tables and think I figured it out:

haproxy.cfg

> defaults
>     log global
>     mode http
>     option httplog
>     option dontlognull
>     timeout connect 5000
>     timeout client 50000
>     timeout server 50000
>
> frontend fe
>     bind :::8080 v4v6
>
>     http-request track-sc0 src,ipmask(24,64) table be
>     # Masked IPv4 for IPv4, empty for IPv6 (with and without this commit)
>     http-response set-header Test %[src,ipmask(24)]
>     # Correctly masked IP addresses for both IPv4 and IPv6
>     http-response set-header Test2 %[src,ipmask(24,ffff:ffff:ffff:ffff::)]
>     # Correctly masked IP addresses for both IPv4 and IPv6
>     http-response set-header Test3 %[src,ipmask(24,64)]
>     http-response set-header Stick %[sc0_conn_cnt(be)]
>
>     default_backend be
>
> backend be
>     stick-table type ipv6 size 20 expire 180s store gpc0,conn_cnt
>     server s example.com:80

Calls:

> [timwolla@/s/haproxy (master)]http --headers 127.0.0.3:8080 |grep Stick
> Stick: 3
> [timwolla@/s/haproxy (master)]http --headers 127.0.0.1:8080 |grep Stick
> Stick: 1
> [timwolla@/s/haproxy (master)]http --headers 127.0.0.2:8080 |grep Stick
> Stick: 2
> [timwolla@/s/haproxy (master)]http --headers 127.0.0.3:8080 |grep Stick
> Stick: 3
> [timwolla@/s/haproxy (master)]http --headers 192.168.178.38:8080 |grep Stick
> Stick: 1
> [timwolla@/s/haproxy (master)]http --headers [::1]:8080 |grep Stick
> Stick: 1
> [timwolla@/s/haproxy (master)]http --headers [::1]:8080 |grep Stick
> Stick: 2

I think this is looking good, no?

Best regards
Tim Düsterhus
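
The per-subnet grouping that "track-sc0 src,ipmask(24,64)" gives in an ipv6 stick table can be modelled offline. The Python sketch below is an added example, not part of the original message and not HAProxy code. Its function names are hypothetical, it starts from an empty table, and it assumes that an IPv4 key is stored in the ipv6 table in IPv4-mapped form.

```python
import ipaddress

# Client addresses as used in the calls above, replayed against an empty table.
SAMPLE = ["127.0.0.1", "127.0.0.2", "127.0.0.3",
          "192.168.178.38", "::1", "::1"]

def ipmask(addr, v4_bits, v6_bits):
    """Mask addr like ipmask(<v4_bits>,<v6_bits>): IPv4 input gets the
    IPv4 prefix length, IPv6 input gets the IPv6 prefix length."""
    ip = ipaddress.ip_address(addr)
    bits = v4_bits if ip.version == 4 else v6_bits
    net = ipaddress.ip_network(f"{ip}/{bits}", strict=False)
    return str(net.network_address)

def table_key(masked):
    """Key for a 'stick-table type ipv6'. Assumption of this sketch:
    an IPv4 value is stored as ::ffff:a.b.c.d (IPv4-mapped IPv6)."""
    ip = ipaddress.ip_address(masked)
    if ip.version == 4:
        ip = ipaddress.IPv6Address(f"::ffff:{ip}")
    return ip

def track(clients, v4_bits=24, v6_bits=64):
    """Replay connections; return (client, key, conn_cnt) per connection,
    where conn_cnt is counted per masked key, not per client address."""
    counts = {}
    rows = []
    for client in clients:
        key = table_key(ipmask(client, v4_bits, v6_bits))
        counts[key] = counts.get(key, 0) + 1
        rows.append((client, key, counts[key]))
    return rows

if __name__ == "__main__":
    for client, key, cnt in track(SAMPLE):
        print(f"{client:>15} -> key {int(key):#034x}  Stick: {cnt}")
```

All three 127.0.0.x clients share one entry, so a rate limit built on this table applies to the whole /24 (or /64 for IPv6) rather than to a single host.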